Hackers are targeting transportation firms as the industry embraces digitalization, the IoT, and smartphone apps. But there are protective steps these firms can take, experts say.
Ben Ames has spent 20 years as a journalist since starting out as a daily newspaper reporter in Pennsylvania in 1995. From 1999 forward, he has focused on business and technology reporting for a number of trade journals, beginning when he joined Design News and Modern Materials Handling magazines. Ames is author of the trail guide "Hiking Massachusetts" and is a graduate of the Columbia School of Journalism.
Computer hackers loom large in newspaper headlines and Hollywood movies, but transportation and supply chain workers haven’t traditionally seen them as a real threat. After all, driving a truck or a forklift meant you were seldom even near a computer keyboard, and there’s nothing digital about booking freight loads using a clipboard and a phone.
However, in the past five years, the logistics industry has been awash in cybertrends like supply chain digitalization, the Internet of Things (IoT), and the expanded use of electronic logging devices (ELDs), not to mention the smartphones that most Americans carry in their pockets or purses these days.
Most of those attacks used “ransomware” to lock down the victims’ computer networks, hobbling their logistics operations until they cracked the code or paid a ransom to the data-kidnappers. As a rule, the targets of these cybercriminals do not disclose the details of the extortion to avoid encouraging future attacks.
The financial damage aside, the mere act of freezing a company’s operations for a few days can damage the victim’s reputation. Even the names of the bugs and viruses deployed by hackers sound frightening, including malware like Azorult, Hawkeye, Kwampirs, Locky, Lokibot, Nanocore, Netwired, Remcos, and Shamoon.
Despite the growing danger posed by cyberthreats, logistics firms can follow some basic rules to greatly reduce their exposure, such as educating employees, putting proper network controls in place, and creating disaster recovery plans.
PROTECT THE WEAKEST LINK
One way companies can protect themselves is by defining a single set of best practices for all employees, regardless of their role in the organization, says Chris Sandberg, vice president of information security for supply chain technology company Trimble Transportation.
Trimble, a provider of fleet management and transportation management software, says many of its clients rely on a compex IT (information technology) infrastructure in their daily operations, noting that a typical logistics service provider might have servers in its back office, telematics hardware on its trucks, and cloud-based networks used to manage maintenance and other critical tasks. “It’s important to have that standard so the same … controls are in place across all the different [types] of technology a customer might be using, because a chain is only as strong as its weakest link,” Sandberg says.
Another critical step in cyber self-defense is to establish a recovery plan before a problem ever develops. “The best time to develop your disaster plan is not during the disaster,” Sandberg says. “If you’re a trucking company and you get stuck with a crypto-lock virus, how do you continue operations? If you’ve identified certain elements as critical resources, you can come up with mitigation strategies.”
As logical as that might sound, smaller carriers often lack the resources to prepare disaster recovery plans ahead of time, Sandberg says. On top of that, they frequently lack the IT capabilities to distinguish between “white hat” hackers—who are basically using their skills to help companies identify their digital vulnerabilities—and “black hat” hackers who are plotting serious crimes, Sandberg says. A cybercriminal looking for a big payout might threaten a company by freezing its data and demanding a ransom, by stealing and selling a company’s data, or by collecting demographic information on its employees in an attempt to hire them away.
In many cases, an employee won’t even realize that they’ve become the victim of a hack until it’s too late, he says. “If someone sends out an email with malware links, they’re not targeting someone; it’s indiscriminate. They’re just trying to get someone to click on the link so they can freeze the account and get them to pay a ransom,” he says.
In another approach, a hacker might target truck drivers by offering them a free smartphone app that provides discounts on food and fuel, for example. That sounds harmless at first, but all data has value, Sandberg says. “Most people don’t read the disclaimers before they download an app,” he says. “Then, the hacker can scrape demographic information from them [and share it with] competing carriers. With the driver shortage, those carriers could use that information to target their advertising to a specific population of drivers and hire away those employees.”
For operations facing such threats, the best defense is education, says Jane Jazrawy, CEO of CarriersEdge, a provider of online driver-training platforms. And that’s become particularly important since the onset of the Covid-19 pandemic, which has made supply chain firms even more vulnerable to cyberthreats, she says.
What’s made them more vulnerable is the widespread adoption of work-from-home policies designed to curb the spread of the virus, Jazrawy explains. In the past few months, thousands of logistics professionals have migrated from the traditional office to the home office, leaving the safety of the corporate IT infrastructure and logging onto personal laptops using home data networks that are seldom up to date.
“Networks at home don’t have the same firewalls and protection” as at work, Jazrawy says. “You may not have a password on your router. Or you may be using your neighbor’s Wi-Fi, or you haven’t updated Norton Antivirus for three years. So as everybody goes home to work, the hackers are coming. They’re just itching to go; it’s like Christmas for hackers.”
“WE’RE ALL TECH WORKERS NOW”
The supply chain sector has also become more vulnerable to security breaches because fleets today share their data with more partners than ever before in order to provide real-time shipment visibility. “When a customer sends data to a trucking company, a whole chain of data then moves between the dispatcher, planner, loadboards, truck stops, drivers, and more,” Jazrawy says.
As supply chain companies enter the computer age, they need to be aware they are now moving data as well as freight, and criminals see both as valuable targets. “People in the transportation industry don’t think of themselves as technology workers; they don’t think they’re important enough that anyone would want their data,” she says. “But hackers are usually just trying to get their data so they can use it to get even more data and then commit a larger, more profitable crime.”
In order to protect themselves, companies must guard against two types of risk: technological and human. “Most hackers are not so much trying to use technology, but to use social engineering,” Jazrawy says. “If you can get someone to cough up their password, that’s way easier than trying random passwords forever until you get into their system.”
Computer users can defend themselves against those threats by studying the risks and staying vigilant, she says. Most social engineering—or “phishing” attacks—use psychological tactics, preying on fear, greed, or some other human emotion. “So now we’re seeing all these Covid-19 email messages that are playing on fear,” Jazrawy says. “But it’s usually phishing; saying ‘Click here and we’ll solve all your problems.’”
If a transportation worker does click on one of those links by mistake, they should follow two simple steps, she says: First, don’t panic, and second, disconnect from the network—whether it’s a cord or Wi-Fi—and run a virus scan to identify any malware that might have been installed.
Cybercrime in the supply chain sector is definitely on the rise. But across the industry, IT experts agree that there are steps logistics company leaders can take to protect their operations from hackers, including educating employees and putting proper network controls in place. “The more you know and are aware and are vigilant,” Jazrawy says, “[the better your chances of avoiding] the threat.”
Supply chain planning (SCP) leaders working on transformation efforts are focused on two major high-impact technology trends, including composite AI and supply chain data governance, according to a study from Gartner, Inc.
"SCP leaders are in the process of developing transformation roadmaps that will prioritize delivering on advanced decision intelligence and automated decision making," Eva Dawkins, Director Analyst in Gartner’s Supply Chain practice, said in a release. "Composite AI, which is the combined application of different AI techniques to improve learning efficiency, will drive the optimization and automation of many planning activities at scale, while supply chain data governance is the foundational key for digital transformation.”
Their pursuit of those roadmaps is often complicated by frequent disruptions and the rapid pace of technological innovation. But Gartner says those leaders can accelerate the realized value of technology investments by facilitating a shift from IT-led to business-led digital leadership, with SCP leaders taking ownership of multidisciplinary teams to advance business operations, channels and products.
“A sound data governance strategy supports advanced technologies, such as composite AI, while also facilitating collaboration throughout the supply chain technology ecosystem,” said Dawkins. “Without attention to data governance, SCP leaders will likely struggle to achieve their expected ROI on key technology investments.”
The British logistics robot vendor Dexory this week said it has raised $80 million in venture funding to support an expansion of its artificial intelligence (AI) powered features, grow its global team, and accelerate the deployment of its autonomous robots.
A “significant focus” continues to be on expanding across the U.S. market, where Dexory is live with customers in seven states and last month opened a U.S. headquarters in Nashville. The Series B will also enhance development and production facilities at its UK headquarters, the firm said.
The “series B” funding round was led by DTCP, with participation from Latitude Ventures, Wave-X and Bootstrap Europe, along with existing investors Atomico, Lakestar, Capnamic, and several angels from the logistics industry. With the close of the round, Dexory has now raised $120 million over the past three years.
Dexory says its product, DexoryView, provides real-time visibility across warehouses of any size through its autonomous mobile robots and AI. The rolling bots use sensor and image data and continuous data collection to perform rapid warehouse scans and create digital twins of warehouse spaces, allowing for optimized performance and future scenario simulations.
Originally announced in September, the move will allow Deutsche Bahn to “fully focus on restructuring the rail infrastructure in Germany and providing climate-friendly passenger and freight transport operations in Germany and Europe,” Werner Gatzer, Chairman of the DB Supervisory Board, said in a release.
For its purchase price, DSV gains an organization with around 72,700 employees at over 1,850 locations. The new owner says it plans to investment around one billion euros in coming years to promote additional growth in German operations. Together, DSV and Schenker will have a combined workforce of approximately 147,000 employees in more than 90 countries, earning pro forma revenue of approximately $43.3 billion (based on 2023 numbers), DSV said.
After removing that unit, Deutsche Bahn retains its core business called the “Systemverbund Bahn,” which includes passenger transport activities in Germany, rail freight activities, operational service units, and railroad infrastructure companies. The DB Group, headquartered in Berlin, employs around 340,000 people.
“We have set clear goals to structurally modernize Deutsche Bahn in the areas of infrastructure, operations and profitability and focus on the core business. The proceeds from the sale will significantly reduce DB’s debt and thus make an important contribution to the financial stability of the DB Group. At the same time, DB Schenker will gain a strong strategic owner in DSV,” Deutsche Bahn CEO Richard Lutz said in a release.
Transportation industry veteran Anne Reinke will become president & CEO of trade group the Intermodal Association of North America (IANA) at the end of the year, stepping into the position from her previous post leading third party logistics (3PL) trade group the Transportation Intermediaries Association (TIA), both organizations said today.
Meanwhile, TIA today announced that insider Christopher Burroughs would fill Reinke’s shoes as president & CEO. Burroughs has been with TIA for 13 years, most recently as its vice president of Government Affairs for the past six years, during which time he oversaw all legislative and regulatory efforts before Congress and the federal agencies.
Before her four years leading TIA, Reinke spent two years as Deputy Assistant Secretary with the U.S. Department of Transportation and 16 years with CSX Corporation.
Serious inland flooding and widespread power outages are likely to sweep across Florida and other Southeast states in coming days with the arrival of Hurricane Helene, which is now predicted to make landfall Thursday evening along Florida’s northwest coast as a major hurricane, according to the National Oceanic and Atmospheric Administration (NOAA).
While the most catastrophic landfall impact is expected in the sparsely-population Big Bend area of Florida, it’s not only sea-front cities that are at risk. Since Helene is an “unusually large storm,” its flooding, rainfall, and high winds won’t be limited only to the Gulf Coast, but are expected to travel hundreds of miles inland, the weather service said. Heavy rainfall is expected to begin in the region even before the storm comes ashore, and the wet conditions will continue to move northward into the southern Appalachians region through Friday, dumping storm total rainfall amounts of up to 18 inches. Specifically, the major flood risk includes the urban areas around Tallahassee, metro Atlanta, and western North Carolina.
In addition to its human toll, the storm could exert serious business impacts, according to the supply chain mapping and monitoring firm Resilinc. Those will be largely triggered by significant flooding, which could halt oil operations, force mandatory evacuations, restrict ports, and disrupt air traffic.
While the storm’s track is currently forecast to miss the critical ports of Miami and New Orleans, it could still hurt operations throughout the Southeast agricultural belt, which produces products like soybeans, cotton, peanuts, corn, and tobacco, according to Everstream Analytics.
That widespread footprint could also hinder supply chain and logistics flows along stretches of interstate highways I-10 and I-75 and on regional rail lines operated by Norfolk Southern and CSX. And Hurricane Helene could also likely impact business operations by unleashing power outages, deep flooding, and wind damage in northern Florida portions of Georgia, Everstream Analytics said.
Before the storm had even touched Florida soil, recovery efforts were already being launched by humanitarian aid group the American Logistics Aid Network (ALAN). In a statement on Wednesday, the group said it is urging residents in the storm's path across the Southeast to heed evacuation notices and safety advisories, and reminding members of the logistics community that their post-storm help could be needed soon. The group will continue to update its Disaster Micro-Site with Hurricane Helene resources and with requests for donated logistics assistance, most of which will start arriving within 24 to 72 hours after the storm’s initial landfall, ALAN said.